New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Limit size of request header and body #90
Comments
Original comment by Anonymous: Could someone explain this one? |
Original comment by Anonymous: This is to protect us against attacks ... |
Original comment by Anonymous: True. And in this case, we should send HTTP code 413 : |
Original comment by Anonymous: See also : |
Original comment by Anonymous: oops i meant: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.20 |
Original comment by Anonymous: To be useful we need to test the length of the header entity and the body entity early in the process. It either means we need to let the server handlers (WSGI, built-in HTTP, or else) do the job, or we need to do that in processRequestHeaders() and processRequestBody(). The former one seems to get the headers through self.requestHeaders which is a generator, thus we can't compute its length. We can wait for the request.headerMap to be filled up. But then it seems to be lae in the process IMO. The latter is either to be done once FieldStorage has been called or before, but again it sounds late to be really useful. So, I feel like we should leave that to the server handlers instead as a good practice. |
Original comment by Anonymous: server.maxRequestSize can now be used to set the maximum size a post body. |
Original comment by Robert Brewer (Bitbucket: fumanchu, GitHub: fumanchu): Changeset [585] partially addresses this. Do we really need per-path config on this, though? It seems to me that
|
Original comment by Anonymous: I'm perfectly happy making this a global setting. |
Original comment by Anonymous: Implementation done in [626]. Still need to write docs for new config options |
Fix several typos and grammar mistakes in the docs.
Originally reported by: Anonymous
Reported by rdelon
The text was updated successfully, but these errors were encountered: